Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/nX6vBTxf3ybde48t0JcIhDjmEXo.roa
File:                     nX6vBTxf3ybde48t0JcIhDjmEXo.roa (raw, json)
Hash identifier:          CrJbxTtvjGt4EFTIvourMJ9Rsf5U3wnVmLt/v9moLs0=
Subject key identifier:   9D:7E:AF:05:3C:5F:DF:26:DD:7B:8F:2D:D0:97:08:84:38:E6:11:7A
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0190FA070E650CAE507E2AE14CF135C533DE
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/nX6vBTxf3ybde48t0JcIhDjmEXo.roa
Signing time:             Sun 28 Jul 2024 15:48:04 +0000
ROA not before:           Sun 28 Jul 2024 15:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        93.113.57.0/24 maxlen: 24
                          188.240.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fa:07:0e:65:0c:ae:50:7e:2a:e1:4c:f1:35:c5:33:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jul 28 15:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d7eaf053c5fdf26dd7b8f2dd097088438e6117a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e0:1c:c9:1c:cd:72:9b:0f:41:ae:36:4a:87:
                    2f:b5:ab:20:36:df:8d:0c:99:f7:e6:e7:1d:c6:28:
                    bf:32:09:a2:40:89:9e:81:19:ef:87:f5:9d:ea:3e:
                    03:3a:c6:d1:3a:27:9a:b9:cf:4c:4f:63:f5:0e:a2:
                    51:4d:d6:58:32:f2:6a:10:7c:6e:ed:e8:d6:3b:ac:
                    0b:af:33:0c:c8:2c:f0:bf:65:89:db:2c:2c:ed:80:
                    6f:65:e7:66:33:33:09:33:c9:61:88:ae:71:28:4d:
                    2c:a7:b4:ce:13:10:0a:88:95:97:ab:45:28:6c:7a:
                    dc:ab:59:83:dc:c5:a2:9d:f9:6e:e0:7d:60:4d:c2:
                    32:1a:cf:26:14:de:cc:36:6f:05:36:28:7f:3a:38:
                    e3:30:65:55:41:a2:31:ea:62:5c:1a:da:38:67:44:
                    ef:2e:bc:31:7b:51:ed:3f:8a:c3:6d:0a:a9:51:2e:
                    26:dd:48:1e:dd:2d:c2:a0:97:e7:48:02:30:71:94:
                    61:f3:37:20:2c:2d:0c:62:29:d6:f0:d2:89:31:12:
                    00:60:be:95:f0:11:4e:be:54:ff:96:be:e3:3b:0b:
                    51:e3:8c:cc:fc:65:44:64:ea:43:3d:f3:d1:97:8c:
                    05:56:1a:5e:09:50:0b:b8:a5:83:b3:f9:cb:cd:cc:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:7E:AF:05:3C:5F:DF:26:DD:7B:8F:2D:D0:97:08:84:38:E6:11:7A
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/nX6vBTxf3ybde48t0JcIhDjmEXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.57.0/24
                  188.240.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:49:36:4f:d5:a0:0c:a5:5a:f1:ee:38:c2:10:f0:09:bd:da:
         c2:37:58:29:de:4f:d6:ad:c8:3c:b3:b0:b8:97:19:fa:31:8f:
         fd:b7:10:77:38:60:26:69:a5:53:46:8e:ee:c4:32:b9:2f:ac:
         56:bd:4f:fb:3d:1c:13:ae:8c:7e:5f:b3:92:22:83:66:f5:70:
         b0:c4:16:c9:c0:39:df:e6:e4:9f:1e:be:ac:cd:76:ef:9e:c6:
         e4:63:fd:8c:72:c9:2b:f7:01:4d:57:05:0c:20:cc:e9:40:c5:
         5c:ff:4a:9d:a8:3a:b4:17:37:2e:cc:1d:7c:d8:79:97:dd:d5:
         08:3d:57:06:94:ff:6f:c8:96:58:2f:33:61:10:65:38:f2:84:
         91:97:b0:d3:18:35:19:85:38:64:e1:8c:67:a0:c9:00:61:fb:
         75:cb:2b:38:4d:d3:38:05:2a:3d:98:00:0f:0e:3f:d1:51:14:
         b3:59:8b:9b:3c:00:74:de:d3:e8:93:37:c6:b2:ac:18:54:19:
         59:90:3c:3a:36:65:26:38:66:1c:30:d0:e5:53:c8:ce:d7:5f:
         05:9c:7b:04:2f:5a:f0:97:82:e9:d3:7b:c1:65:ce:e1:4e:97:
         3f:f3:cc:99:38:db:05:13:f5:d1:bb:05:e2:93:c5:56:6b:9f:
         f8:f8:60:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZD6Bw5lDK5QfirhTPE1xTPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNzI4MTU0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDdlYWYwNTNjNWZkZjI2ZGQ3YjhmMmRkMDk3MDg4NDM4ZTYxMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuAcyRzNcpsPQa42SocvtasgNt+N
DJn35ucdxii/MgmiQImegRnvh/Wd6j4DOsbROieauc9MT2P1DqJRTdZYMvJqEHxu
7ejWO6wLrzMMyCzwv2WJ2yws7YBvZedmMzMJM8lhiK5xKE0sp7TOExAKiJWXq0Uo
bHrcq1mD3MWinflu4H1gTcIyGs8mFN7MNm8FNih/OjjjMGVVQaIx6mJcGto4Z0Tv
Lrwxe1HtP4rDbQqpUS4m3Uge3S3CoJfnSAIwcZRh8zcgLC0MYinW8NKJMRIAYL6V
8BFOvlT/lr7jOwtR44zM/GVEZOpDPfPRl4wFVhpeCVALuKWDs/nLzcwMNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ1+rwU8X98m3XuPLdCXCIQ45hF6MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvblg2dkJUeGYzeWJkZTQ4dDBKY0loRGptRVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXE5AwQA
vPBRMA0GCSqGSIb3DQEBCwUAA4IBAQBpSTZP1aAMpVrx7jjCEPAJvdrCN1gp3k/W
rcg8s7C4lxn6MY/9txB3OGAmaaVTRo7uxDK5L6xWvU/7PRwTrox+X7OSIoNm9XCw
xBbJwDnf5uSfHr6szXbvnsbkY/2Mcskr9wFNVwUMIMzpQMVc/0qdqDq0FzcuzB18
2HmX3dUIPVcGlP9vyJZYLzNhEGU48oSRl7DTGDUZhThk4YxnoMkAYft1yys4TdM4
BSo9mAAPDj/RURSzWYubPAB03tPokzfGsqwYVBlZkDw6NmUmOGYcMNDlU8jO118F
nHsEL1rwl4Lp03vBZc7hTpc/88yZONsFE/XRuwXik8VWa5/4+GCk
-----END CERTIFICATE-----